IT Compliance and Controls

Converging Business, Information, and Controls

IT Compliance and Controls header image 3

About

21xddnj4fxl_aa_sl160_.jpg

This site will provide supplemental information to the leading book on technology and business controls “IT Controls and Compliance”. While not a replacement the information here extends the principles and provides current implementation, guidance, and direction that reflect the nature of the needs of business.

An overview of the Book:

IT Compliance and Controls focuses on the challenges enterprises face in sifting through international and domestic mandates and then merging these into existing operational safeguards, to create a robust control program. The book is organized into four parts. The first two parts provide an overview of the current regulatory environment, focusing on the forces that are driving technology, their controls, and the resulting published mandates. One of the themes in these first two parts is that IT compliance can provide an opportunity to identify competitive advantages in addition to providing benefits from identifying business risks inherent in an organization (security incident or loss of accreditation). This theme is reinforced by a summary of technology evolution over the past century showing its impact on market ownership (progressed from domestic individual to international stakeholders) and operations of companies, and the necessary evolution of attestation engagements. Part Three delivers a practical program for implementation. This program is presented in such a way that readers are encourages to take what applies to the unique control requirements that apply to their organizations, reinforcing another theme that there is no “one size fits all” control program. A concise set of global IT Control principles are defined and supported with core controls and each are broken down by their application and impacts on business. Part Four concludes the book with a look to the future, discussing the current regulatory and business trends that will shape the IT control program in the years ahead.

The book came about as a result of field study with organizations across industries and of varying sizes (e.g. Fortune 50, Government institutions, and Non-Profit) and researching the most influential legislation and standards around the globe. The end result is a practical breakdown of the influencers (approximately 50 primary sources and 200 secondary references) upon organizations and an enterprise risk based approach to embracing these operational necessities. The materials are supported by a crosswalk of the regulations to the control objectives detailed throughout the book. This crosswalk of control objectives to procedures to regulations ensures applicability and compliance for each organization. “

The book will hit the shelves early 2008!

No Comments

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

Leave a Comment